Just noticed this morning on twitter thanks to Michael LaMontagne there’s a new December 2017 Cumulative update released for Skype for Business Server 2015 !
Its been a good while since the last CU was released which i think was May 2017 so this CU has a huge amount of improvements and fixes in, there’s even a fix for the VIS role which surprised me a lot. I think this makes this CU6 for SfB Server 2015 now.
It mentions this update enables Location-Based Routing to support the Skype for Business mobile clients which is very interesting as this is what was listed in the May 2017 CU.
There FIPS support, adding of HTTP strict transport security, Mac, VIS, P chat, meeting url searchable by search engines and lot more ill try and give a quick summary on some of the highlights but definitely recommend checking all the fixes and improvements out.
A very quick summary
- Quite alot of Updates for the SfB Mac client which also had a recent December CU as well.
- Fixes for restricting external SfB Mac clients
- Looks like this is required to enable peer to peer file transfer for SfB Mac Clients
- E911 is mentioned again with a fix for the Mac client so very important fix here as incorrect location information could be given
- Strict-Transport-Security header to the path of all web service responses nice to see this. This protect websites against protocol downgrade attacks and cookie hijacking More info on this here https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
- Fix for the May 2017 .NET Framework update which i saw a few customers with this issue
- Fix for enabling SfB Server with Federal Information Processing Standard (FIPS) guidelines – https://en.wikipedia.org/wiki/Federal_Information_Processing_Standards
- VIS fix with Cisco endpoints – Someone out there is using VIS
- Persistent chat fixes
- SRS and Surface Hub fixes
- Meeting URLs searchable in search engine results – I have seen this one so great to see this fixed.
- Fix if Firefox 52 or a later is your default browser
Version – 9319.510
Download Link
https://www.microsoft.com/en-us/download/details.aspx?id=47690
Improvements / Fixes
This update enables Location-Based Routing to support the Skype for Business mobile clients.
| Improvements / Fixes | Symptom / Cause |
|
If you set the AllowExchangeConnectivity attribute for the mobility policy to false in Microsoft Skype for Business Server 2015, Skype for Business on Mac clients can’t retrieve meeting information through the Exchange Web Services (EWS) connection to the Exchange server.
This issue occurs because the Unified Communications Web API (UCWA) module in Skype for Business Front End server doesn’t implement this feature. |
|
Assume that you enable the passive authentication for the web services of the Front End Server pool in Microsoft Skype for Business Server 2015. When you use the Skype for Business client to access the external web services, a credential prompt (sign-in dialog box) is displayed even if the NTLM authentication protocol is disabled. |
|
Assume that you have installed the latest updates for Skype for Business Server 2015. When you make an E911 (enhanced 911) call in Skype for Business on Mac, the call is connected to the E911 call center. However, the received location information is in an incorrect format. |
|
The update includes a Strict-Transport-Security header in the path of all web service (HTTP) responses in Microsoft Skype for Business Server 2015. HTTP Strict Transport Security (HSTS) is an Internet Engineering Task Force (IETF) standard-compliant security feature in the header to help users connect to secure sites in a secure way, and prevent some attacks. |
|
After you install this update, you can run the following cmdlets for Microsoft Skype for Business on Mac users to restrict external access globally or on a per-user basis in a Microsoft Skype for Business Server 2015 environment:
|
|
After you install February 2017 update for Skype for Business Server 2015 (build 6.0.9319.277), synthetic transactions don’t work as expected. For example, when you run the Test-CsUcwaConference (UcwaConference) cmdlet, you receive the following error message:
Error Message: Failed creating application activity. Inner Exception: Method not found: ‘System.Threading.Tasks.Task`1 <Microsoft.Rtc.Internal. Ucwa.ClientModel.Interfaces.IHttpResult> Microsoft.Rtc.Internal. Ucwa.ClientModel.Interfaces. IMeService.MakeMeAvailableAsync(Microsoft.Rtc.Internal.Ucwa.ClientModel. ApplicationSignInProperties)’. |
|
This issue occurs because the origin header isn’t handled correctly. |
|
Consider the following scenario:
In this scenario, when you try to sign in to Unified Communications Web API (UCWA) clients, you receive the following error message: We can’t sign you in because you aren’t set up to use Skype for Business. Please contact your support team After you apply this update, you receive the following error message: Your account does not allow access from outside your organization’s network. Please contact your organization’s network and then try signing in |
|
Consider the following scenario:
In this scenario, you might be unable to join the application sharing session of the meeting. This issue occurs because Skype for Business Application Sharing Server (ASMCU) doesn’t include the rtcp-mux attribute in the Session Description Protocol (SDP) after the application sharing session is failed from VbSS to the remote desktop protocol (RDP) session. |
|
Consider the following scenario:
In this scenario, Unified Communications Web API (UCWA) clients still can sign in from external networks even if the external access setting is disabled by the policy. |
|
Consider the following scenario:
In this scenario, you can’t schedule or join a meeting by using the Meet Now option or Outlook Skype Meeting add-in. This issue occurs because Meeting functionality dependency: SHA256 Managed implementation is incompatible with Federal Information Processing Standard (FIPS) guidelines in Cumulative Update 5. |
|
|
|
You may find that the following event fills up Windows Fabric event logs in Microsoft Skype for Business Server 2015 Director pools:
Log Name: Microsoft-Windows-WindowsFabric/Admin Source: Microsoft-Windows-WindowsFabric Date: Date/Time Event ID: 16385 Task Category: Reliability Level: Warning Keywords: Default User: NETWORK SERVICE Computer: computer-FQDN NAME Description: FM resolving failed with FABRIC_E_PARTITION_NOT_FOUND Event Xml
This issue occurs because the Windows Fabric cluster isn’t set up properly in Skype for Business Server 2015 Director pools that have more than two servers. |
|
Consider the following scenario:
In this scenario, you experience the following symptoms:
|
|
Consider the following scenario:
In this scenario, after some seconds, when the Skype for Business client makes some mid-call controls, such as clicking stop my video or start my video, or both options, the call is dropped. This issue occurs because after Skype for Business client answers an incoming call from Cisco VTC endpoint, VIS keeps sending INVITEs request to Cisco VTC or CUCM every second. However, Cisco VTC endpoint starts to reply 503 service unavailable from the 24th INVITE onwards. Therefore, VIS drops both legs of the call when Skype for Business client does a mid-call control operation. |
|
Consider the following scenario:
In this scenario, the method call may fail, and you receive the following error message: NodeSetting.ONLINE_USER_COUNT_SETTING is immutable
This issue occurs because room search command tries to set a parameter value that’s an external read-only field |
|
When you try to upload a file that has no English characters included in the file name to a persistent chat room in a Microsoft Skype for Business Server 2015 environment, other members in the room cannot see the file, and you receive the following error message:
The action couldn’t be completed. Please try again later.
This issue occurs because the program cannot convert the file name that’s encoded by UTF-8. |
|
Assume that you have installed KB 4015893, but have not run the Set-CsPlatformServiceSettings cmdlet to set the EnableDelegateManagement attribute to true. In this situation, installing this update will automatically set the value to true. This means that you enable the delegate management feature. |
|
Assume that you use a Microsoft Skype for Business mobile client to dial a Public Switched Telephone Network (PSTN) number in a Microsoft Skype for Business Server 2015 environment. When you view the Peer-to-Peer Session Detail Report, you find that the From number attribute is empty.
This issue occurs because the Microsoft Unified Communication Web API (UCWA) does not send TelNumber in P2PSessiondata. |
|
Your end-users report that they can’t join a Skype for Business meeting, especially when they join the meeting by using Microsoft Business Room System or Surface Hub devices.
This issue occurs because all subsequent sign-in processes fail for these devices after a rare race condition occurs in Microsoft Skype for Business Server 2015 Front End service. |
|
Consider the following scenario in a Microsoft Skype for Business Server 2015 environment:
In this scenario, when you search for “Skype for Business Web App” in search engines such as Google, Bing or Yahoo, you can see the meeting URL publicly. Additionally, other people can join the meeting randomly if you enable the anonymous meeting join feature. This issue occurs because search engines browse the public site, see the meet.lync.com URL, then crawl it, and index it into the search engines. |
|
Assume that the default browser is Firefox and its version is greater than or equal to 52. When you try to click a Skype for Business meeting link to join the meeting that’s created at an on-premises server, the Skype for Business web client is opened to join the meeting instead of the Skype for Business desktop client.
This issue occurs because the Netscape Plugin Application Programming Interface (NPAPI) plugin is deprecated in Firefox 52 or a later version. NPAPI is currently used as part of the client detection process for the Lync or Skype for Business client when you join a meeting by clicking a link. When NPAPI is disabled, the webpage can’t determine whether you have the client installed. |
|
When you use Microsoft Skype for Business Server 2015 Persistent Chat Server, you may receive the following event:
Time: Date/Time ID: 53530 Level: Error Source: LS Persistent Chat Server Machine: ServerName Message: The Persistent Chat database connection was lost. The Skype for Business Server 2015, Persistent Chat lost connection to the database using connection string: Data Source=sql.contoso.com;Initial Catalog=mgc;Integrated Security=SSPI; Cause: An unexpected error occurred that caused the loss of the Persistent Chat database connection. Resolution: Check the state of the database.
This issue occurs because the procProcessADUpdates stored procedure takes more than 30 seconds to run. Default Skype for Business Server 2015 Persistent Chat Servertime-out is 30 seconds so that the stored procedure execution will be aborted. |
|
Consider the following scenario in a Microsoft Skype for Business Server 2015 environment:
In this scenario, the user move fails. Additionally, you see many SIP messages are queued on Front-End servers. This issue occurs because of a failure in the RtcUpdateResourceAttributes stored procedure that’s caused by time-out. |
CU Installer Pre reqs
On the install notes it does mention to apply this update, you must have Microsoft .NET Framework 4.5.2 (Offline Installer or Web Installer) installed.
Unfortunately i cant install this CU in my lab as my lab is boxed up and in storage as were in the process of moving house. Should of had my lab in Azure lol
References
Download
https://www.microsoft.com/en-us/download/confirmation.aspx?id=47690
SfB Server 2015 Updates
https://support.microsoft.com/en-us/help/3061064/updates-for-skype-for-business-server-2015
Martin Boam's Microsoft Blog 